Adobe patches five critical Shockwave flaws

All of the flaws can allow remote code execution

Adobe has issued a bundle of security patches to fix five critical flaws in its Shockwave media player.

The company has not said whether any exploits have been spotted in the wild, but is urging the millions of Shockwave users to upgrade to version 11.5.2.602 immediately.

Four of the five flaws, all of which can allow remote code execution, were discovered by researchers at vulnerability research company VUPEN Security.

"We discovered four critical vulnerabilities affecting Adobe Shockwave Player, a technology installed on 450 million internet-enabled desktops," the firm said.

"These issues, reported to Adobe a few weeks ago, are caused due to memory corruption and invalid pointer and index errors when processing malformed Shockwave content.

"They could be exploited to remotely compromise a vulnerable system when a user visits a specially crafted web page, e.g. using Internet Explorer or Firefox."

The fifth flaw is a boundary condition issue that could lead to a denial of service problem with the software.

Adobe has pledged to reduce the amount of time it takes to patch flaws from months to weeks, and the speed of delivery of this update suggests that the target is being met.